Package: libgnutls26
Version: 2.2.3-1
Severity: important

I regenerated my SSL certificates today (due to the security advisory) and mutt now refuses to connect to my SMTP server with STARTTLS. This is obviously unsuitable. Using cyrus-clients-2.3's smtptest (which uses OpenSSL) does not object to the certificate.

You can find the old certificate, which worked fine, at http://crustytoothpaste.ath.cx/cgi-bin/pyca/view-cert.py/ServerCerts/server?18 . I generated them exactly the same way, and they appear to have exactly the same extensions.

The MTA is sendmail, which uses OpenSSL. Feel free to test against my machine if you want.

Transcript of session:

lakeview ok % gnutls-cli -p 587 -s crustytoothpaste.ath.cx
Resolving 'crustytoothpaste.ath.cx'...
Connecting to '172.16.0.1:587'...

- Simple Client Mode:

220 crustytoothpaste.ath.cx ESMTP spoken here
EHLO lakeview.crustytoothpaste.ath.cx
250-crustytoothpaste.ath.cx Hello [172.16.3.249], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 15000000
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
STARTTLS
220 2.0.0 Ready to start TLS
*** Starting TLS handshake
*** Fatal error: Key usage violation in certificate has been detected.
*** Handshake has failed

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.25-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libgnutls26 depends on:
ii  libc6          2.7-11             GNU C Library: Shared libraries
ii  libgcrypt11    1.4.1-1            LGPL Crypto library - runtime libr
ii  libgpg-error0  1.4-2              library for common error values an
ii  libopencdk10   0.6.6-1            Open Crypto Development Kit (OpenC
ii  libtasn1-3     1.4-1              Manage ASN.1 structures (runtime)
ii  zlib1g         1:1.2.3.3.dfsg-12  compression library - runtime

libgnutls26 recommends no packages.

-- no debconf information

--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187